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IN THE CLAIMS 

Claims 1, 5, 11, 15, 21, 24, 25 are amended as indicated below. This listing of claims 
will replace all prior versions of claims in the application. 

Listine of Claims: 

Claim 1 (currently amended) A method for booting a computer system with first and second 
versions of a bootable program comprising the steps of: 

loading said first and second versions of said bootable program into first and second 
partitions of a storage device coupled to said computer system; 

hashing a boot record (BR) of said first and second versions of said bootable program 
producing respective first and second digests; 

signing said first and second digests using a cryptographic signature engine and a private 
installation key producing first and second signatures; 

storing said first and second signatures with additional data defining said first and second 
versions of said bootable program in first and second entries in a said non-volatile memory 
coupled to said computer system; 

assigning said first partition as an active partition of said storage device by updating an 
active partition entry of a partition table of a master boot record (MBR)_of said storage device, 
said active partition entry indicating which version of said BP is booted on a power up of said 
computer system; 

assigning said first entry corresponding to said first version of said bootable program as 
an active entry in said non- volatile memory; and 

assigning said second entry corresponding to said second version of said bootable 
program as an alternate entry in said non-volatile memory. 
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Claim 2 (original) The method of claim 1 further comprising the step of: 

locking said first and second entries in said non-volatile memory with a hardware locking 
mechanism of said computer system preventing modification of contents of said first and second 
entries. 

Claim 3 (original) The method of claim 1, wherein said bootable program is an operating system 
of said computer system. 

Claim 4 (original) The method of claim 1 further comprising the steps of: 

loading a BR fi-om said active partition entry of said MBR using Power-On-Self-Test 
(POST) code when said computer system is powered up; 

decrypting said first signature in said active entry using a public installation key; 

comparing a hash of said BR of said active partition to a hash of a BR retrieved fi-om said 
active entry, returning a first compare result; 

booting with said first version of said bootable program in said active partition when said 
first compare result is true; and 

retrieving said second signature from said alternate entry when said first compare result is 

false. 

Claim 5 (currently amended) The method of claim 4 fiirther comprising the steps of: 

decrypting said second signature in said alternate entry using said public installation key; 

comparing said hash of said BR of said active partition to a hash of a BR retrieved from 
said alternate entry, returning a second compare result; 

clearing said active entry from said non-volatile memory when said second compare 
result is true; 

moving contents from said alternative entry to said active entry; and 
booting with said alternate version identified by said active entry. 
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Claim 6 (original) The method of claim 5 further comprising the step of: 
halting said POST when said second compare result is false. 

Claim 7 (original) The method of claim 1 further comprising the step of: 

monitoring a third entry of said non-volatile memory for an indication said third entry is 

valid. 

Claim 8 (original) The method of claim 7 further comprising the step of 

moving contents of said second entry to said first entry in response to said valid 
indication. 

Claim 9 (original) The method of claim 8 further comprising the steps of 
moving contents of said third entry to said second entry; 

marking said second partition corresponding to said second version of said bootable 
program as said active partition entry in said master boot record; and 

booting said version of said bootable program in said active partition. 

Claim 10 (original) The method of claim 9 further comprising the step of 

locking said first and second entries in said non-volatile memory with a hardware locking 
mechanism of said computer system preventing modification of contents of said first and second 
entries. 

Claim 1 1 (currently amended) A computer system comprising: 
a central processing unit (CPU); 
a random access memory (RAM); 

an electronically erasable programmable read only memory (EEPROM); 
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an I/O adapter; 

a disk storage system coupled to said I/O adapter; and 

a bus system coupling said CPU to said EEPROM, said I/O adapter, and said RAM, 
wherein said CPU fiirther comprises; 

circuitry for loading said first and second versions of said bootable program into first and 
second partitions of a storage device coupled to said computer system; 

circuitry for hashing a boot record (BR) of said first and second versions of said bootable 
program producing respective first and second digests; 

circuitry for signing said first and second digests using a cryptographic signature engine 
and a private installation key producing first and second signatures; 

circuitry for storing said first and second signatures with additional data defining said 
first and second versions of said bootable program in first and second entries in a said non- 
volatile memory coupled to said computer system; 

circuitry for assigning said first partition as an active partition of said storage device by 
updating an active partition entry of a partition table of a master boot record (MBR)_of said 
storage device, said active partition entry indicating which version of said BP is booted on a 
power up of said computer system; 

circuitry for assigning said first entry corresponding to said first version of said bootable 
program as an active entry in said non- volatile memory; and 

circuitry for assigning said second entry corresponding to said second version of said 
bootable program as an alternate entry in said non-volatile memory. 

Claim 12 (original) The computer system of claim 1 1 further comprising: 

locking said first and second entries in said non-volatile memory with a hardware locking 
mechanism of said computer system preventing modification of contents of said first and second 
entries. 
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Claim 13 (original) The computer system of claim 11, wherein said bootable program is an 
operating system of said computer system. 

Claim 14 (original) The computer system of claim 1 1 further comprising: 

circuitry for loading a BR from said active partition entry of said MBR using Power-On- 
Self-Test (POST) code when said computer system is powered up; 

circuitry for decrypting said first signature in said active entry using said public 
installation key; 

circuitry for comparing a hash of said BR of said active partition to a hash of a BR 
retrieved from said active entry, returning a first compare result; 

circuitry for booting with said first version of said bootable program in said active 
partition when said first compare result is true; and 

circuitry for retrieving said second signature from said alternate entry when said first 
compare result is false. 

Claim 15 (currently amended) The computer system of claim 14 fiirther comprising: 

circuitry for decrypting said second signature in said alternate entry using said public 
installation key; 

circuitry for comparing said hash of said BR of said active partition to a hash of a BR 
retrieved from said alternate entry, retuming a second compare result; 

circuitry for clearing said active entry from said non-volatile memory when said second 
compare result is true; 

circuifry for moving contents from said alternative entry to said active entry; and 

circuitry for booting with said alternate version identified by said active entry. 

Claim 16 (original) The computer system of claim 15 fiirther comprising: 

circuitry for halting said POST when said second compare result is false. 
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Claim 17 (original) The computer system of claim 1 1 further comprising: 

circuitry for monitoring a third entry of said non-volatile memory for an indication said 
third entry is valid. 

Claim 18 (original) The computer system of claim 17 further comprising: 

circuitry for moving contents of said second entry to said first entry in response to said 
valid indication. 

Claim 19 (original) The computer system of claim 18 further comprising: 

circuitry for moving contents of said third entry to said second entry; 

circuitry for marking said second partition corresponding to said second version of said 
bootable program as said active partition entry in said master boot record; and 

circuitry for booting said version of said bootable program in said active partition. 

Claim 20 (original) The computer system of claim 19 further comprising: 

circuitry for locking said first and second entries in said non-volatile memory with a 
hardware locking mechanism of said computer system preventing modification of contents of 
said first and second entries. 

Claim 21 (currently amended) A computer program product for booting a computer system 
having first and second versions of a bootable program, said computer program product 
embodied in a machine readable medium, including programming for a processor, said computer 
program comprising a program of instructions for performing the program steps of: 

loading said first and second versions of said bootable program into first and second 
partitions of a storage device coupled to said computer system; 

hashing a boot record (BR) of said first and second versions of said bootable program 
producing respective first and second digests; 
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signing said first and second digests using a cryptographic signature engine and a private 
installation key producing first and second signatures; 

storing said first and second signatures with additional data defining said first and second 
versions of said bootable program in first and second entries in a said non-volatile memory 
coupled to said computer system; 

assigning said first partition as an active partition of said storage device by updating an 
active partition entry of a partition table of a master boot record (MBR)_of said storage device, 
said active partition entry indicating which version of said BP is booted on a power up of said 
computer system; 

assigning said first entry corresponding to said first version of said bootable program as 
an active entry in said non-volatile memory; and 

assigning said second entry corresponding to said second version of said bootable 
program as an alternate entry in said non-volatile memory. 

Claim 22 (original) The computer program product of claim 21 fiirther comprising the step of: 

locking said first and second entries in said non-volatile memory with a hardware locking 
mechanism of said computer system preventing modification of contents of said first and second 
entries. 

Claim 23 (original) The computer program product of claim 21, wherein said bootable program 
is an operating system of said computer system. 

Claim 24 (currently amended) The computer program product of claim 21 further comprising 
the steps of: 

loading a BR fi-om said active partition with Power-On-Self-Test (POST) code when said 
computer system is powered up; 

decrypting said first signature in said active entry using a said public installation key; 



8 



RPS920010106US1 



PATENT 



comparing a hash of said BR of said active partition to a hash of a BR retrieved from said 
active entry, returning a first compare result; 

booting with said first version of said bootable program in said active partition when said 
first compare result is true; and 

retrieving said second signature from said alternate entry when said first compare result is 

false. 

Claim 25 (currently amended) The computer program product of claim 24 ftirther comprising 
the steps of: 

decrypting said second signature in said alternate entry using said public installation key; 

comparing said hash of said BR of said active partition to a hash of a BR retrieved from 
said alternate entry, returning a second compare result; 

clearing said active entry from said non-volatile memory when said second compare 
result is true; 

moving contents from said alternative entry to said active entry; and 
booting with said alternate version identified by said active entry. 

Claim 26 (original) The computer program product of claim 25 fiarther comprising the step of 
halting said POST when said second compare result is false. 

Claim 27 (original) The computer program product of claim 21 further comprising the step of 

monitoring a third entry of said non-volatile memory for an indication said third entry is 

valid. 

Claim 28 (original) The computer program product of claim 27 further comprising the step of 

moving contents of said second entry to said first entry in response to said valid 
indication. 
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Claim 29 (original) The computer program product of claim 28 further comprising the steps of: 
moving contents of said third entry to said second entry; 

marking said second partition corresponding to said second version of said bootable 
program as said active partition entry in said master boot record; and 

booting said version of said bootable program in said active partition. 

Claim 30 (original) The computer program product of claim 29 further comprising the step of 

locking said first and second entries in said non-volatile memory with a hardware locking 
mechanism of said computer system preventing modification of contents of said first and second 
entries. 

Claim 31 (original) A method for booting a computer system with first and second versions of a 
bootable program (BP) comprising the steps of: 

loading said first and second versions of said bootable program into first and second 
partitions of a storage device coupled to said computer system; 

identifying said first version as an active partition in a master boot record (MBR) by 
placing data defining said first version in an active partition entry, said active partition entry 
indicating which version of said BP is booted on a power up of said computer system; 

maintaining a version management table in a non-volatile memory wherein data placed in 
an active entry indicates which version of said BP corresponds to an active version and wherein 
data placed in an alternate entry indicates which version of said BP corresponds to an alternate 
version; 

comparing selected data in said active entry in said version management table to selected 
data pointed to by said active partition entry of said MBR returning a first compare result; and 

booting with said version in said active partition if said first compare result is true. 
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Claim 32 (original) The method of claim 31, wherein said active and alternate entries in said 
version management table are locked with a hardware read only locking mechanism at selected 
times. 

Claim 33 (original) The method of claim 31, wherein said bootable program is an operating 
system of said computer system. 

Claim 34 (original) The method of claim 3 1 further comprising the steps of: 

replacing said data in said active entry with said data in said alternate entry if said first 
result is false; 

comparing selected data in said active entry in said version management table to selected 
data pointed to by said active partition entry of said MBR returning a second compare result; and 

booting with said alternate version in said active partition if said second compare result is 

true. 

Claim 35 (original) The method of claim 34 fiirther comprising the step of: 

stopping booting of said computer system if said second compare result is false. 

Claim 36 (original) The method of claim 31, wherein said active partition pointed to by said 
active partition entry in said MBR is changed in response to a version management program 
conmiand sequence. 

Claim 37 (original) The method of claim 31, wherein said compare step is performed by Power- 
On Self-Test (POST) code. 

Claim 38 (original) The method of claim 34, wherein said compare step is performed by Power- 
On Self-Test (POST) code. 

Claim 39 (original) The method of claim 31 further comprising the step of 
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determining when contents of a third entry of said non-volatile memory are valid. 

Claim 40 (original) The method of claim 39 further comprising the step of: 

moving contents of said alternate entry to said active entry when said contents of said 
third entry are valid. 

Claim 41 (original) The method of claim 40 further comprising the steps of: 
moving contents of said third entry to said alternate entry; 

marking a second partition corresponding to said second version of said bootable 
program as said active partition in said MBR; and 

booting said version of said bootable program in said active partition. 

Claim 42 (original) The method of claim 41 further comprising the step of: 

locking said active and alternate entries in said non-volatile memory to prevent a 
modification of contents of said active and alternate entries. 

Claim 43 (original) A computer system comprising: 
a central processing unit (CPU); 
a random access memory (RAM); 

an electronically erasable programmable read only memory (EEPROM); 
an I/O adapter; 

a disk storage system coupled to said I/O adapter; and 

a bus system coupling said CPU to said EEPROM, said I/O adapter, and said RAM, 
wherein said CPU further comprises; 

circuitry for loading said first and second versions of said bootable program into first and 
second partitions of a storage device coupled to said computer system; 
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circuitry for identifying said first version as an active partition in a master boot record 
(MBR) by placing data defining said first version in an active partition entry, said active partition 
entry indicating which version of said BP is booted on a power up of said computer system; 

circuitry for maintaining a version management table in a non-volatile memory wherein 
data placed in an active entry indicates which version of said BP corresponds to an active version 
and wherein data placed in an alternate entry indicates which version of said BP corresponds to 
an alternate version; 

circuitry for comparing selected data in said active entry in said version management 
table to selected data pointed to by said active partition entry of said MBR returning a first 
compare result; and 

circuitry for booting with said version in said active partition if said first compare result 

is true. 

Claim 44 (original) The computer system of claim 43, wherein said active and alternate entries 
in said version management table are locked with a hardware read only locking mechanism at 
selected times. 

Claim 45 (original) The computer system of claim 43, wherein said bootable program is an 
operating system of said computer system. 

Claim 46 (original) The computer system of claim 43 further comprising: 

circuitry for replacing said data in said active entry with said data in said alternate entry if 
said first result is false; 

circuitry for comparing selected data in said active entry in said version management 
table to selected data pointed to by said active partition entry of said MBR returning a second 
compare result; and 

circuitry for booting with said alternate version in said active partition if said second 
compare result is true. 
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Claim 47 (original) The computer system of claim 46 further comprising: 

circuitry for stopping booting said computer system if said second compare result is false. 

Claim 48 (original) The computer system of claim 43, wherein said active partition pointed to 
by said active partition entry in said MBR is changed in response to a version management 
program command sequence. 

Claim 49 (original) The computer system of claim 43, wherein said compare step is performed 
by Power-On Self-Test (POST) circuitry. 

Claim 50 (original) The computer system of claim 46, wherein said compare is performed by 
Power-On Self-Test (POST) circuitry. 

Claim 51 (original) The computer system of claim 43 further comprising: 

circuitry for determining when contents of a third entry of said non-volatile memory are 

valid. 



Claim 52 (original) The computer system of claim 51 fiirther comprising: 

circuitry for moving contents of said alternate entry to said active entry when said 
contents of said third entry are valid. 

Claim 53 (original) The computer system of claim 52 further comprising: 

circuitry for moving contents of said third entry to said alternate entry; 

circuitry for marking a second partition corresponding to said second version of said 
bootable program as said active partition in said MBR; and 

circuitry for booting said version of said bootable program in said active partition. 
Claim 54 (original) The computer system of claim 53 further comprising: 
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circuitry for locking said active and alternate entries in said non-volatile memory to 
prevent modification of contents of said active and alternate entries. 
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